Senior Lead AI Security Specialist

The Advanced Pentesting and Research team, a vital component of Citi's Cyber Security Operations, provides critical security testing services that enable the rapid and secure delivery of solutions to our customers.

• Perform in-depth analysis and research of new vulnerabilities and exploits
• Demonstrate the impact of these through the development of proof-of-concept code
• Act as a subject matter expert in offensive information security, application pentesting, networking, operating systems, and databases
• Research and identify potential security issues within Citi Applications
• Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures
• Contribute to the architecture, design, and development of advanced AI tooling to assist with vulnerability detection and code analysis
• Collaborate with cross-functional teams to integrate AI capabilities into our existing security tools and processes
• Design and implement user-friendly interfaces and workflows for AI-powered security tools
• Conduct thorough testing and evaluation of AI models and tools to ensure their accuracy, reliability, and effectiveness
• Review internal tools, testing processes and methodologies within Application Security space and assist in identifying potential opportunities for improvement and automation
• Mentor and guide junior security analysts and teams

• 10 years of professional experience in an Information Security or Cybersecurity role
• Multiple years of professional experience in an Artificial Intelligence (AI) Development role
• Demonstrated experience in vulnerability discovery, analysis, and exploitation
• Comfortable with manual application penetration testing and threat modeling
• Passion for security research, demonstrated by published research, active participation in community events, or contributions to the security community
• Understand CVEs and should be able to reproduce proof-of-concept easily
• Experience in developing AI-powered applications and tools, preferably in the security domain
• Hands-on experience working with security tools such as BurpSuite Proxy, AppScan, WebInspect, SoapUI, Qualys, CheckMarx, BlackDuck, Snyk, Nessus, NMAP
• Deep knowledge of common application security related industry standards such as OWASP Top 10, CWE/SANS Top 25
• Excellent problem-solving skills and the ability to work in a fast-paced environment
• Effective communication skills with the capacity to articulate complex security issues to technical and non-technical stakeholders
• Must have or be willing to obtain industry-accredited security certification such as: GIAC GWEB, GWAPT, GMOB, GPEN, GXPN, OSCP, OSWE, CISSP, AI/ML certifications
• Experience working with AI related technologies, such as Large Language Models (LLMs), Agentic AI Architecture, MCP server/clients, RAG integrations, and frameworks like LangChain, RAG, PyTorch, TensorFlow, Haystack, etc.
• Contributions to open-source AI or security projects
• Strong understanding of a variety of application architectures (Microservices, REST APIs, SOA, MVC), software development methodologies (Agile, DevOps, Waterfall), programming/scripting languages (Java, .NET/C#, C/C++, Python, Ruby), development frameworks (Spring, Struts, AngularJS, NodeJS), and application infrastructure (web/app servers, middleware components, databases, public/private/hybrid cloud deployment, cloud service models - SaaS/PaaS/IaaS)

• 401(k)
• Medical, dental & vision coverage
• 401(k) matching
• Life, accident, and disability insurance
• Wellness programs
• Paid time off packages
• Paid holidays

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions.